Re: [Cfrg] erratum for hmac what do we think...

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Thu, 02 February 2017 14:22 UTC

Return-Path: <quynh.dang@nist.gov>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C41D12940E for <cfrg@ietfa.amsl.com>; Thu, 2 Feb 2017 06:22:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gegjD7uHTFG5 for <cfrg@ietfa.amsl.com>; Thu, 2 Feb 2017 06:22:34 -0800 (PST)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0135.outbound.protection.outlook.com [23.103.200.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EAD1129408 for <Cfrg@irtf.org>; Thu, 2 Feb 2017 06:22:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=pSnCRIHprVsMljU7YTwYI5+V4rvODUWgdLIqeoIwRHU=; b=D0z3vmC0CL/e9qnBZjL/pewDW9xV6oDzW3DZ9YAfWSvFPDBes4F5gGrEt5el73dCE5naKlRfx0aX4/P4l2Z+SN0X9hRfdj2VPsY560PHp7ckd02qJi7C0XpxoCcyUEWx69uuz1TD6AGjUEKR0Vg7wJJ5TwT7S6m5MNGAXM+s0es=
Received: from CY4PR09MB1464.namprd09.prod.outlook.com (10.173.191.22) by CY4PR09MB1464.namprd09.prod.outlook.com (10.173.191.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Thu, 2 Feb 2017 14:22:32 +0000
Received: from CY4PR09MB1464.namprd09.prod.outlook.com ([10.173.191.22]) by CY4PR09MB1464.namprd09.prod.outlook.com ([10.173.191.22]) with mapi id 15.01.0888.020; Thu, 2 Feb 2017 14:22:32 +0000
From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "cfrg@irtf.org" <Cfrg@irtf.org>
Thread-Topic: [Cfrg] erratum for hmac what do we think...
Thread-Index: AQHSfPuTQmuL3UqM9EiFUsuWG7TDaaFVwYGAgAACtTyAAAEWOg==
Date: Thu, 2 Feb 2017 14:22:32 +0000
Message-ID: <CY4PR09MB1464453C2AE6265E43011C6BF34C0@CY4PR09MB1464.namprd09.prod.outlook.com>
References: <666efaf7-b660-e20b-8a8a-8949a64e9bed@cs.tcd.ie>, <D4B8ED5B.83EFC%kenny.paterson@rhul.ac.uk>, <CY4PR09MB14645E105002D056B27D9DA4F34C0@CY4PR09MB1464.namprd09.prod.outlook.com>
In-Reply-To: <CY4PR09MB14645E105002D056B27D9DA4F34C0@CY4PR09MB1464.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=quynh.dang@nist.gov;
x-originating-ip: [129.6.218.222]
x-ms-office365-filtering-correlation-id: e145b334-1b4d-44da-ae01-08d44b76ed76
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:CY4PR09MB1464;
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1464; 7:ZrlYxSEbMCqEbg99u56Wtc54F/VX4UL+7JIkMmBBsacQji+pDQk37X7HatI+9qNjtkVVdwSG7ITzoy+FVljdemj/WLseTX4uyO5xEcWikCets8A0/K8tqgqSca7jYunsepOn/VaQnR+qCThuPTryFhhVRWbmKdUUO6dL9QdoIYxQUq+zJu/UCttfpNT9NCHj4+DN/qSF4n9MfFB1FOxnMTM5dl1EMRxKXc1RMyVAPJCa29Sy0zUyS2IHZBTOmXnDug/kS49kfKhdGnhiFfN7YBw2FOAi3kIpO5a5rWfDXkckidiZLYm812tByJunntDioo0QxLfrTVevVW+MLRIwuJYkgbYh951eEstthW2laonUYECeFbz6V9C/YcNjZe/i7XgRnCCzT5VDNETUrwccuGAQmhq46XM6jqmYYLZ9HE/7OkjJgF+MnItTb+yjuDoPNnyYQ6HyVwsgnROIQOflQ8/aoYOonOBsYNzzCSlHYmkOTPNvfmETn0wo9eceBukB7T86TiROSd27Z1QbY6CnnA==
x-microsoft-antispam-prvs: <CY4PR09MB1464A80372F2D3A4B8878DCAF34C0@CY4PR09MB1464.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(32856632585715)(65766998875637);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(6041248)(20161123558025)(20161123564025)(20161123562025)(20161123560025)(20161123555025)(6072148); SRVR:CY4PR09MB1464; BCL:0; PCL:0; RULEID:; SRVR:CY4PR09MB1464;
x-forefront-prvs: 02065A9E77
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(39860400002)(39850400002)(39840400002)(39410400002)(39450400003)(377454003)(189002)(24454002)(199003)(606005)(6506006)(19627405001)(107886002)(6436002)(8676002)(8656002)(77096006)(2501003)(68736007)(6116002)(102836003)(105586002)(8936002)(81156014)(99286003)(2900100001)(106116001)(25786008)(92566002)(3846002)(236005)(106356001)(9686003)(5001770100001)(97736004)(86362001)(66066001)(229853002)(38730400001)(2950100002)(50986999)(3660700001)(7906003)(3280700002)(33656002)(122556002)(101416001)(54356999)(16799955002)(76176999)(74316002)(55016002)(6306002)(54896002)(81166006)(189998001)(2906002)(7696004)(53936002)(3900700001)(5660300001)(7736002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1464; H:CY4PR09MB1464.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR09MB1464453C2AE6265E43011C6BF34C0CY4PR09MB1464namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Feb 2017 14:22:32.6523 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1464
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/jFv9uCUW4WqzdJFfKSszChYzYtU>
Subject: Re: [Cfrg] erratum for hmac what do we think...
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2017 14:22:36 -0000

One way to fix that is always hash the key.


Quynh.

________________________________
From: Cfrg <cfrg-bounces@irtf.org> on behalf of Dang, Quynh (Fed) <quynh.dang@nist.gov>
Sent: Thursday, February 2, 2017 9:20:03 AM
To: Paterson, Kenny; Stephen Farrell; cfrg@irtf.org
Subject: Re: [Cfrg] erratum for hmac what do we think...


Kenny just made a great point that HMAC is not a PRF: it is trivial to find 2 keys which produce the same HMAC output.


Quynh.


________________________________
From: Cfrg <cfrg-bounces@irtf.org> on behalf of Paterson, Kenny <Kenny.Paterson@rhul.ac.uk>
Sent: Thursday, February 2, 2017 9:07 AM
To: Stephen Farrell; cfrg@irtf.org
Subject: Re: [Cfrg] erratum for hmac what do we think...

Dear CFRG,

It'd be great if some HMAC experts could take a look at this proposed
erratum and give a view on it.

I looked quickly myself. It's an undesirable property, but I don't think
it's disastrous (yes, I could invent scenarios where one could come
unstuck because of it). It reminds me somewhat of the well-known, and
again somewhat unfortunate, fact that HMAC keys of different lengths can
end up being padded to form colliding keys.

Cheers,

Kenny

On 02/02/2017 02:24, "Cfrg on behalf of Stephen Farrell"
<cfrg-bounces@irtf.org on behalf of stephen.farrell@cs.tcd.ie> wrote:

>
>Hiya,
>
>There's an erratum posted for hmac [1] where I'd be
>interested in what folks here think.
>
>I'm unsure if this is a real problem, esp given that
>there are I guess a lot of implementations.
>
>And even if it were a real problem, I'm not sure we'd
>want that fix.
>
>Opinions welcome...
>
>Thanks,
>S.
>
>[1]
>https://www.rfc-editor.org/errata_search.php?rfc=2104&eid=4809&rec_status=
>15&area_acronym=&errata_type=&wg_acronym=&submitter_name=&stream_name=&sub
>mit_date=&presentation=records
>

_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg